Audit Committees Step Up Risk Oversight by Chris Trayhorn, Publisher of mThink Blue Book, May 14, 2007 When the audit committee of a publicly traded company sits down to meet, what’s on the agenda? What issues are considered most important? Across many industry sectors, audit committees are placing an increasingly important priority on risk issues, with regulation, merger and acquisitions (M&A) and information technology leading the list of top concerns. Those are the findings of an in-depth survey of audit committee chairs and members from 176 companies across 11 industry sectors, conducted by Ernst & Young. Among the participants were 18 utilities and nine oil & gas firms. The 2006 Audit Committee Survey involved audit committee chairs, audit committee members and board members, gathering information and gleaning emerging best practices regarding their oversight role, activities and the composition of their committees. The overall results indicate that audit committees are evolving with the changing business landscape, such as by developing an increased awareness and understanding of the risks facing businesses today. Yet the survey results also reflect a growing concern over escalating responsibilities, the increasing need for continuing education, and the shrinking pool of available and qualified members to serve in these critical corporate governance roles. One of the most interesting results of Ernst & Young’s 2006 Audit Committee Survey is the growing importance boards are placing on proactively identifying and managing risks related to business strategies and objectives. That is especially true for companies in industries such as banking, insurance and telecommunications. This paper will provide an overview of the study’s findings and their implications for the oil & gas and utility industry. Oil & Gas and Utilities Audit Committes: Making the Risk Transition Audit committee members for oil & gas and utilities companies describe their current primary responsibilities as providing oversight for financial reporting, internal controls and emerging risks. The focus on emerging risks is relatively new and is forcing these audit committees to stretch their understanding of the business beyond the core competencies of accounting, capital structure, tax and credit risks. Much like other industries, oil & gas and utilities reported a clear understanding of their companies’ risk profile from a strategic, operational, financial and compliance perspective. They also reported having comprehensive processes and structures in place to manage risks, but they appear to be moving more slowly than companies in other industry sectors when it comes to fully transitioning audit committee responsibilities to include oversight of emerging risks. For example: Only 31 percent of oil & gas and utilities companies spend 20 percent or more of their meeting agendas on risk, compared with 46 percent of those from other sectors; Only 37 percent of oil & gas and utilities companies receive quarterly risk updates, compared with 55 percent of those from other sectors; and Only 36 percent of oil & gas and utilities companies use outside risk advisors, compared with 51 percent of those from other sectors. Among the best practices identified by participants in other sectors were the establishment of a separate risk committee; periodic meetings with regulators to understand the breadth of emerging issues; and monthly or quarterly reports on risk provided by management. Oil & gas and utilities audit committees are less likely than other industry sectors to have a separate subcommittee on risk, and fewer than 10 percent have a formal crisis plan for dealing with financial errors, irregularities or compliance issues. Yet they do see a need for greater involvement in helping their companies manage the risk landscape. Audit Committe Opportunities Of the companies surveyed, more than half of their audit committee members were between the ages of 61 and 70. This tells us that in coming years there will probably be substantial turnover among audit committee members across many sectors, representing both a challenge and an opportunity. The challenge is for organizations to find and attract talented, experienced and diversified directors who fully understand the complexity and rapid pace of change that is common in business today. The opportunity for audit committees is to expand the knowledge and skill of their boards with men and women who have strong backgrounds in managing risk and deep experience in finance, accounting, legal and regulatory affairs, with a more complete understanding of topics such as information technology. In fact, corporate boards across all industry sectors may be well=served to re-evaluate their recruiting practices and seek out audit committee members under the age of 50 who can bring a more diverse range of thought and experience to their roles. The growing awareness of the need for more hands-on risk management guidance also means that audit committees must include members who take a more holistic view of today’s business environment. Narrowing the Focus: The Utility Sector When comparing responses from the utility sector alone with the 10 other industry groups in the survey, we found that utility audit committees often have a more narrowly defined scope for risk oversight – with a primary focus on accounting and capital structure risks – than do other industry sectors, which also focus on tax and regulatory risk. As a general rule, most utilities also do not face the risks associated with global expansion that many other sectors face. This might explain, in part, why utility audit committees spend less time than other sectors on risk issues. However, despite the more narrow focus on risk to date, survey results indicate that this attitude is changing. Respondents cited the utility sector’s top risk concerns as: Regulatory issues; Major initiatives; People/human resources; M&A; and Market dynamics. It is worth noting that utility company respondents mentioned regulatory issues as the top risk concern. This is likely explained because the industry is facing an expanding compliance and regulatory risk universe as a result of Sarbanes- Oxley 404, the FERC’s additional enforcement powers under the Energy Policy Act, and new Clean Air Act rules, which are layered on top of ongoing requirements related to rate making, reliability, market practices and operational performance. The utility sector’s focus on major initiatives and people as the second and third priority concerns is likely the result of continued M&A and consolidation activity on both the wholesale and retail sides of the industry, as well as issues related to an aging workforce and the challenge of replacing retiring workers. Shift in Risk Focus Many utilities, their boards of directors and their audit committees are only now adjusting to the growing regulatory compliance requirements – and recognizing the time, resources and business implications involved. Yet our survey shows there are still others that have not yet come to terms with the shifting tide of risk oversight. The companies that are behind the curve are likely to be more vulnerable to “risk surprises,” which are exactly what good risk oversight practices are intended to prevent. In all fairness, during the past two years, utility respondents indicated that they were not caught by any unexpected risk developments, so the processes in place to identify and manage risk may be working well. Let’s hope so. But with changes in the regulatory risk landscape, it is not wise to rest on laurels. All indications are that utility audit committees will place more focus on regulatory compliance risk in the years to come. To support this expanded focus, utility company audit committees will need to request more information than they currently get from management, and more support from outside sources may be necessary to identify potential shifts in state and federal regulatory environments. To their credit, more than 80 percent of utility audit committees have a formal orientation program and nearly half have a formal continuing education program that most respondents regard as effective. They did acknowledge, however, that greater education is needed for audit committees in the areas of accounting and financial reporting risk on one hand and regulatory compliance risks on the other. This interest in education around regulatory risk is consistent with the previously mentioned trends emerging around the focus on regulatory risk. Industry Insights: The Oil & Gas Sector Perhaps given the market fundamentals facing oil & gas companies today – volatile commodity prices, shifting geopolitical environments, calls for new energy-related mandates and a shrinking pool of qualified employees – it is not surprising that oil & gas audit committees identified people/ human resource issues and market dynamics as two of the top five most important risk factors their organizations face. Top risk concerns among oil & gas industry respondents were: Legal issues; Regulatory issues; Hazards (environmental and safety); Reputation; and People/human resource issues. The survey also found that, in general, oil & gas company audit committees devote more of their regular meeting agenda to risk-related issues than utilities do. To their credit, a majority of that time is invested in actively discussing risk issues and sharing viewpoints rather than listening to presentations, which tend to dominate many audit committee meetings in other sectors. Virtually all of the nine oil & gas participants reported that they had a clear understanding of their company’s risk profile from a strategic, operational, financial and compliance perspective. And 75 percent indicated that they had a comprehensive process and structure in place to identify and manage risks related to business goals and objectives. Yet in contrast to the utility sector, 25 percent also acknowledged that their audit committees had experienced significant surprises in the past 24 months with respect to new risk developments in areas that were not addressed by existing processes. One area deserving attention for oil & gas audit committees is that of continuing education. While two-thirds have a formal orientation program, only 11 percent have a formal continuing education program. Similar to utility respondents, oil & gas audit committee members specifically pointed to accounting and reporting financial risk and regulatory compliance risk as the top two areas where greater education is needed. Other Key Oil & Gas Findings With regard to industry risk, most survey respondents said they were planning for a decrease in oil & gas prices within the next 12 months. Nearly 60 percent said they had not revised their company’s process for estimating oil & gas reserves, and 71 percent said there was no need to revise existing SEC rules governing reserves. And while the primary motivation cited for seeking M&A partners was to add to their reserve base, there was no similar focus on building relationships with national oil companies to improve access or develop partnerships. Future Challenges New regulatory requirements and legislation, particularly the highly demanding Sarbanes-Oxley Act, and heightened expectations among stockholders and other investors are just some of the myriad of issues weighing on the minds of top-level management guiding today’s oil & gas and utilities companies. To meet these demands and stay competitive, oil & gas and utilities companies are working to bring more structure and transparency to their operations and to develop more effective methods for identifying and controlling potential risks, as well as preventing risk surprises. By increasing time and activities focused on risk, diversifying the talent on boards to capture new areas of expertise and stepping up continuing education, audit committees will be better positioned to identify, evaluate and manage risk exposure for companies. Filed under: White Papers Tagged under: Utilities About the Author Chris Trayhorn, Publisher of mThink Blue Book Chris Trayhorn is the Chairman of the Performance Marketing Industry Blue Ribbon Panel and the CEO of mThink.com, a leading online and content marketing agency. He has founded four successful marketing companies in London and San Francisco in the last 15 years, and is currently the founder and publisher of Revenue+Performance magazine, the magazine of the performance marketing industry since 2002.